package priv.wjh.study.oauth;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
		http
				.cors().disable()
				.authorizeHttpRequests().requestMatchers("/", "/login**", "/error**").permitAll()
				.anyRequest().authenticated()
				.and().logout().logoutUrl("/logout").logoutSuccessUrl("/")
				.and().sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
				.and().oauth2Login();
        return http.build();
    }


}
